In the information era marked by the ever-increasing development of high-performance technologies, the use of biometrics and digital footprints has presented new challenges for human intelligence (HUMINT) operations. Biometrics recognition coupled with digital exhaust thus raises concerns regarding the protection of HUMINT officers and sources. The increasing amount of identifying data collected through biometrics and digital traces has implications on legend building and digital cover identities.
1. New technologies, heightened surveillance, and the erosion of anonymity
In an era of technological improvement, the increasing digital and biometrical traceability coupled with advanced data analytics and cheap data storage is changing the framework in which human intelligence is conducted (source). The proliferation of sophisticated technologies is streamlining the surveillance process, resulting in the erosion of anonymity.
1.1 Street surveillance
London is equipped with an abundant CCTV system. The UAE rolled out facial recognition in the street. China, through its estimated 540 millions cameras, implemented the country’s social credit program. It gave local governments an unprecedent oversight and control over its citizens (source). The Beijing’s regime claims to have achieved total CCTV coverage of Beijing, questioning the long-term usability of cover aliases (source). Street surveillance – the physical observation of intelligence officers – is the Achilles Heel of espionage. It allows contacts, movements, and tradecraft to be mapped out (source).
Technological developments rendered the threat of street surveillance even more acute. Once in the operational theatre, operatives need to compete with more than their physical tails. They also face extensive CCTV networks.
As illustrated by the case of the Israeli assassination team responsible of the assassination of Mahmoud Al-Mabhouh in 2010, even basic CCTVs can cause problems. Indeed, CCTV cameras spread across Dubai luxury hotels allowed for the team’s movements and disguises to be unravelled (source).
Similarly, the spread of biometric tools at border controls significantly hinders intelligence officers’ ability to travel with cover. Indeed, it ties biological characteristics to a specific identity (source) (source).
For instance, in 2014, Russia adopted Executive Order 735. It implements the collection of biometric data of ‘all foreign nationals and stateless persons for each of their applications for a Russian visa’.
In 2017, China began a nationwide program to fingerprint all foreigners entering the territory (source). Such measures considerably restrict any travel under alias. Indeed, biometric features are hard to fake and are unique to an individual.
However, China, Russia, Iran, and any other U.S. adversaries are not the only ones to conduct such operations. Indeed, as outlined in the U.S. Army doctrine,
‘the collecting, matching, and intelligence analysis of biometric data supports positive identification and characterization of individuals who may pose a threat to U.S. national security’.
It enhances protection ‘by eliminating the anonymity of adversaries and their associated networks.’
Biometrics enabled intelligence (BEI) ‘attempts to reduce anonymity and positively identify individuals based on qualities that make someone unique’ (source). This doctrine was specific to certain operations, such as in Kosovo. However, one can assume that the U.S. intelligence community applies similar principles.
Digitalisation and sharing of databases
The interconnectedness that characterises this era might force HUMINT operatives to act under their real identity. It, however, poses a genuine threat to their personal security (source).
Recent investigations presuppose the erosion of anonymity. Indeed, the digitalisation of databases and the tight link between personal records and biometrics allow for the recognition of individuals at an unprecedented scale and speed. Bellingcat’s investigation on the GRU Unit 29155 and the assassination attempt on Gebrev in Bulgaria in 2015, matched Egor Gordienko to his fake persona “Georgy Gorshkov”. Facial recognition made it relatively easy to unravel aliases (source).
However, the “one country, one alias” rule is being challenged. The growing sharing of biometrical information between countries, such as the one taking place within the European Union (source) (source) limit such practice. As countries increasingly share their databases, the “one country, one alias” rule with erodes. It is replaced by “one group of country, one alias”.
2. Digital dust and cover identities
Biometrics and heightened surveillance are not the only challenge intelligence agencies face: digital footprint also complicates human intelligence activities. Indeed, digital dust – the trace that individuals leave behind as they use devices and interact with the digital world – facilitates the tracking of individuals.
2.1 Digital footprint of human intelligence activities
Today’s growing digital environment has the potential to transform the foundation on which intelligence rests: secrecy (source). The digital exhaust we leave behind transformed how we conduct HUMINT (source). Several public cases showed how states, non-state actors, and even individuals exploited digital footprint. The data and metadata generated by an agent’s use of cellular phones, computer, or credit cards creates an indelible traceable digital record. In that way, patterns of activity and profiles can be mapped out relatively easily. It renders past notions of cover and tradecraft practices inadequate, if not obsolete (source). Hence, the continuous ability to mine data and perform real-time analysis threaten the secrecy associated with HUMINT activities.
2.2 Digital covers and social media presence
The accessibility of data already provoked a major shift in the construction of cover identities. As almost every human activity creates, or is affected by, digital information, cover identities must comprise a digital imprint. It renders a fake persona credible (source). Social media and presence in cyberspace are also part of this ‘digital footprint’. It both withstand some level of scrutiny and validates a persona (source). Today, the average business or diplomatic profession is expected to exist in the cyberspace, if only through a LinkedIn profile. Therefore, a (digital) legend must include such internet presence, largely pre-dating the creation of the cover to appear as credible. Hence, a digital cover needs to be robust enough to make it indistinguishable from authentic digital identities (source).
However, social media present another problem, namely that of rapid improvements of facial recognition. For instance, if an operative based in Eastern Europe builds a Facebook cover profile, Facebook’s automated facial recognition software might send tagging requests to friends and family. By doing so, it draws a link between the legend and the real identity. The development of sophisticated ‘backstopping procedures’ allows to seed legends through various digital channels. Yet, ever-changing advanced data analytics tools leave little to no space for error, making intelligence officers highly vulnerable (source).
3. Rethinking human intelligence
The intelligence community thus needs to adapt to those technological changes. While it poses a threat to HUMINT tradecraft, it can also enhance counterintelligence capabilities (source). Several solutions were offered to overcome individual challenges posed by biometrics. They include backdooring border control software that can enable pass-through (source).
However, such solutions are not sustainable in the long-term. The challenge of biometrics is here to stay. Intelligence communities thus need to rethink how it conducts HUMINT activities abroad. Similarly, every individual casts a unique digital shadow. Because no two digital identities are identical, no two cover identities should be the same. A uniformity of digital data can be just as indicative of a cover as the absence of any data at all. Hence, practitioners must create digital cover identities with enough depth and individuality as to replicate those of real people (source). Likewise, a fake biological persona could be created alongside the digital cover, with, for example, fake fingerprints.
Technological innovations have certainly offered new capabilities, but they also enhanced the erosion of anonymity. The amount of identifying data available on interconnected databases has implication on legend building. Biometrics allows for the almost automatic tracking of individuals, limiting intelligence officers’ movement under alias, as it ties a person’s biological attribute to a specific identity. In the same way, digital dust has created an indelible record, facilitating the unravelling of (digital) cover identities. Hence, the world of ubiquitous surveillance we live in has transformed the framework in which HUMINT operations take place.